def random_index_multipart(count=10, dummy=0, dcs=0x00, mid=-1, data=None, datalen=134):
    """Generate ``count`` multipart test PDUs whose part index is random.

    Each part is built by ``concat()`` with ``count`` as the announced number
    of parts and a fresh draw from ``[0, 256)`` as its index, so an index can
    repeat, be zero, or exceed the announced total.

    dummy   -- accepted but never read.
    dcs     -- value handed to ``concat()``; ``-1`` asks ``randdcs()`` for a
               new one per part.
    mid     -- value shared by all parts (presumably the concatenation
               reference -- confirm against ``concat()``); ``-1`` draws one
               from ``[0, 0xff)``.
    data    -- payload source; ``None`` fetches a new blob from
               ``SMSFuzzData.getSMSFuzzData()`` for every part.
    datalen -- slice bound applied to ``data``; when negative the payload is
               cut again at a random point below ``-datalen``.

    Returns a list of ``(hex_line, leng)`` tuples. Nothing here seeds or
    records the generator state, so keep the returned tuples if a case has
    to be replayed.
    """
    # NOTE(review): the listing had lost its indentation; the ``datalen < 0``
    # check is placed at loop level, after the payload choice -- confirm
    # against the original file.
    rng = random.WichmannHill()
    message_id = rng.randrange(0, 0xff) if mid == -1 else mid
    timestamp = Utils.hex2bin("99309251619580", 0)

    parts = []
    for _ in range(count):
        part_dcs = randdcs() if dcs == -1 else dcs
        payload = SMSFuzzData.getSMSFuzzData() if data is None else data[:datalen]
        if datalen < 0:
            payload = payload[:rng.randrange(0, -datalen)]
        pdu = concat("49177123456", "49177123456", timestamp, count,
                     rng.randrange(0, 256), message_id, payload, part_dcs)
        hex_line = Utils.bin2hex(pdu, 1)
        # Half the hex length minus 8 (presumably the octets taken by the
        # leading SMSC field -- confirm).
        parts.append((hex_line, (len(hex_line) / 2) - 8))
    return parts
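def random_order_multipart(start=1, stop=2, dcs=0x00, mid=-1, data=None, datalen=134):
    """Build parts ``start``..``stop`` of one multipart message in random order.

    Every index in the inclusive range is emitted exactly once; the order is
    decided by repeatedly popping a random position from the list of indexes
    not yet used. ``stop`` is passed to ``concat()`` as the part total.

    dcs     -- value handed to ``concat()``; ``-1`` asks ``randdcs()`` for a
               new one per part.
    mid     -- value shared by all parts; ``-1`` draws one from ``[0, 0xff)``.
    data    -- payload source; ``None`` fetches a new blob from
               ``SMSFuzzData.getSMSFuzzData()`` for every part.
    datalen -- slice bound applied to ``data``; when negative the payload is
               cut again at a random point below ``-datalen``.

    Returns a list of ``(hex_line, leng)`` tuples in emission order.
    """
    if mid == -1:
        mid = random.randrange(0, 0xff)
    ts = Utils.hex2bin("99309251619580", 0)

    remaining = list(range(start, stop + 1))
    out = []
    while remaining:
        part_index = remaining.pop(random.randrange(0, len(remaining)))
        dcsuse = randdcs() if dcs == -1 else dcs
        if data is None:
            datause = SMSFuzzData.getSMSFuzzData()
        else:
            # Fix: this read the undefined name ``datelen`` and raised
            # NameError whenever a caller supplied ``data``.
            datause = data[:datalen]
        # NOTE(review): placed at loop level; the listing had lost its
        # indentation -- confirm against the original file.
        if datalen < 0:
            datause = datause[:random.randrange(0, -datalen)]
        # NOTE(review): the first address is "4177123456" here but
        # "49177123456" in the sibling generators; left as found -- confirm
        # whether the difference is intentional.
        msg = concat("4177123456", "49177123456", ts, stop, part_index, mid, datause, dcsuse)
        line = Utils.bin2hex(msg, 1)
        # Floor division keeps the length an int on Python 3 as well.
        leng = len(line) // 2 - 8
        out.append((line, leng))
    return out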
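def simple_multipart(start=1, stop=2, dcs=0x00, mid=-1, data=None, datalen=134):
    """Build parts ``start``..``stop`` of one multipart message, in order.

    This is the well-ordered baseline: the part index passed to ``concat()``
    counts up from ``start`` to ``stop`` inclusive and ``stop`` is passed as
    the part total.

    dcs     -- value handed to ``concat()``; ``-1`` asks ``randdcs()`` for a
               new one per part.
    mid     -- value shared by all parts; ``-1`` draws one from ``[0, 0xff)``.
    data    -- payload source; ``None`` fetches a new blob from
               ``SMSFuzzData.getSMSFuzzData()`` for every part.
    datalen -- slice bound applied to ``data``; when negative the payload is
               cut again at a random point below ``-datalen``.

    Returns a list of ``(hex_line, leng)`` tuples.
    """
    if mid == -1:
        mid = random.randrange(0, 0xff)
    ts = Utils.hex2bin("99309251619580", 0)

    out = []
    # range() rather than the Python 2-only xrange(), as the sibling
    # generators already do.
    for i in range(start, stop + 1):
        dcsuse = randdcs() if dcs == -1 else dcs
        if data is None:
            datause = SMSFuzzData.getSMSFuzzData()
        else:
            datause = data[:datalen]
        # NOTE(review): placed at loop level; the listing had lost its
        # indentation -- confirm against the original file.
        if datalen < 0:
            datause = datause[:random.randrange(0, -datalen)]
        msg = concat("49177123456", "49177123456", ts, stop, i, mid, datause, dcsuse)
        line = Utils.bin2hex(msg, 1)
        # Floor division keeps the length an int on Python 3 as well.
        leng = len(line) // 2 - 8
        out.append((line, leng))
    return out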
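def random_order_multipart(start=1, stop=2, dcs=0x00, mid=-1, data=None, datalen=134):
    """Emit every part index in ``start``..``stop`` once, in shuffled order.

    The order comes from popping a randomly chosen position out of the list
    of still-unused indexes, one pop per part. ``stop`` is passed to
    ``concat()`` as the part total.

    dcs     -- value handed to ``concat()``; ``-1`` asks ``randdcs()`` for a
               new one per part.
    mid     -- value shared by all parts; ``-1`` draws one from ``[0, 0xff)``.
    data    -- payload source; ``None`` fetches a new blob from
               ``SMSFuzzData.getSMSFuzzData()`` for every part.
    datalen -- slice bound applied to ``data``; when negative the payload is
               cut again at a random point below ``-datalen``.

    Returns a list of ``(hex_line, leng)`` tuples in emission order.
    """
    out = []
    if mid == -1:
        mid = random.randrange(0, 0xff)
    ts = Utils.hex2bin("99309251619580", 0)
    index = list(range(start, stop + 1))
    for _ in range(len(index)):
        ppos = index.pop(random.randrange(0, len(index)))
        if dcs == -1:
            dcsuse = randdcs()
        else:
            dcsuse = dcs
        if data is None:
            datause = SMSFuzzData.getSMSFuzzData()
        else:
            # Fix: the slice bound was spelled ``datelen``, an undefined
            # name, so any call that passed ``data`` died with NameError.
            datause = data[:datalen]
        # NOTE(review): placed at loop level; the listing had lost its
        # indentation -- confirm against the original file.
        if datalen < 0:
            datause = datause[:random.randrange(0, -datalen)]
        # NOTE(review): first address "4177123456" differs from the
        # "49177123456" used by the sibling generators; kept as found --
        # confirm whether that is deliberate.
        msg = concat("4177123456", "49177123456", ts, stop, ppos, mid, datause, dcsuse)
        line = Utils.bin2hex(msg, 1)
        # Floor division so the length stays an int on Python 3 too.
        leng = len(line) // 2 - 8
        out.append((line, leng))
    return out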
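def udhirandfuzz(msisdn, smsc, ts, num):
    """Build one PDU whose user-data header holds up to ``num`` random elements.

    An ``sms.SMSToMS`` object is filled in field by field, the UDH indicator
    is switched on, and random header elements (one random id byte, one
    length byte, then that many bytes of fuzz data) are appended until
    ``num`` elements were added or the header reaches the size limit used
    below. Whatever room is left is partly filled with a fuzz-data message
    body.

    msisdn -- stored in ``_msisdn`` (type byte 0x91).
    smsc   -- stored in ``_smsc`` (type byte 0x91).
    ts     -- stored in ``_timestamp``.
    num    -- upper bound on the number of header elements.

    Returns ``s._pdu`` after ``s.encode()``. Output depends on the module
    level ``random`` state, which is neither seeded nor recorded here; keep
    the returned PDU if a case has to be replayed.
    """
    s = sms.SMSToMS()
    s._msisdn = msisdn
    s._msisdn_type = 0x91
    s._smsc = smsc
    s._smsc_type = 0x91
    s._tppid = 0x00
    # Fix: the draw was stored in a stray local ``s_tpdcs`` and came from
    # randrange(0, 1), which can only return 0, so the 0x04 branch below was
    # unreachable. Draw 0 or 1 and store it on the object.
    s._tpdcs = random.randrange(0, 2)
    if s._tpdcs == 1:
        s._tpdcs = 0x04
    s._timestamp = ts
    s._deliver = 0x04
    s._deliver_raw2flags()
    s._deliver_udhi = 1
    s._deliver_flags2raw()
    # NOTE(review): both literals below are a single space in the listing;
    # that space counts as one octet of the header budget -- confirm they
    # were not meant to be empty strings.
    s._msg = " "
    # Fix: was ``s._msg.leng = 0``, an attribute assignment on a str.
    s._msg_leng = 0
    s._udh = " "
    # Keep the length field in step with the header before the loop reads
    # it, so the result is also defined when ``num`` is 0.
    s._udh_leng = len(s._udh)

    for _ in range(num):
        element_id = chr(random.randrange(0, 0xff))
        element_len = random.randrange(1, 132)
        # Fix: was ``s.udg.leng``; the running header length is ``_udh_leng``.
        if s._udh_leng + element_len > 138:
            break
        fuzz = SMSFuzzData.getSMSFuzzData()
        s._udh = s._udh + element_id + chr(element_len) + fuzz[:element_len]
        s._udh_leng = len(s._udh)
        if s._udh_leng > 138:
            break

    s._msg_leng = 139 - s._udh_leng
    if s._msg_leng > 0:
        # Fix: this was a bare expression on ``s._msg.leng`` whose value was
        # discarded; pick a body length between half and all of the room.
        s._msg_leng = random.randrange(s._msg_leng // 2, s._msg_leng)
    if s._msg_leng > 0:
        fuzz = SMSFuzzData.getSMSFuzzData()
        s._msg = fuzz[:s._msg_leng]
    else:
        s._msg_leng = 0
    s.encode()
    return s._pdu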
def double_index_multipart_length(first=10, second=134, dcs=0x00, mid=-1, data=None, datalen=134):
    """Return two parts that both claim index 1 of 2 but differ in length.

    The same payload source is cut at ``first`` characters for the first PDU
    and at ``second`` characters for the second; everything else passed to
    ``concat()`` is identical.

    dcs     -- value handed to ``concat()`` unchanged.
    mid     -- value shared by both parts; ``-1`` draws one from ``[0, 0xff)``.
    data    -- payload source; ``None`` fetches one blob from
               ``SMSFuzzData.getSMSFuzzData()`` that both parts share.
    datalen -- accepted but never read.

    Returns a two-element list of ``(hex_line, leng)`` tuples.
    """
    message_id = random.randrange(0, 0xff) if mid == -1 else mid
    timestamp = Utils.hex2bin("99309251619580", 0)
    payload = SMSFuzzData.getSMSFuzzData() if data is None else data

    def build(cut):
        # One PDU for the payload truncated at ``cut``.
        pdu = concat("49177123456", "49177123456", timestamp, 2, 1,
                     message_id, payload[:cut], dcs)
        hex_line = Utils.bin2hex(pdu, 1)
        return (hex_line, (len(hex_line) / 2) - 8)

    return [build(first), build(second)]
def double_index_multipart(start=1, stop=2, dcs=0x00, mid=-1, data=None, datalen=134):
    """Build parts ``start``..``stop`` in order, listing every part twice.

    Each index in the inclusive range yields one PDU from ``concat()`` (with
    ``stop`` as the part total), and that PDU is placed in the result two
    times in a row.

    dcs     -- value handed to ``concat()`` unchanged; unlike the sibling
               generators, ``-1`` is not replaced by ``randdcs()`` here.
    mid     -- value shared by all parts; ``-1`` draws one from ``[0, 0xff)``.
    data    -- payload source; ``None`` fetches a new blob from
               ``SMSFuzzData.getSMSFuzzData()`` for every part.
    datalen -- slice bound applied to ``data``; when negative the payload is
               cut again at a random point below ``-datalen``.

    Returns a list of ``(hex_line, leng)`` tuples.
    """
    # NOTE(review): the listing had lost its indentation. The ``datalen < 0``
    # check and the second append are both placed inside the loop here --
    # confirm against the original file.
    message_id = random.randrange(0, 0xff) if mid == -1 else mid
    timestamp = Utils.hex2bin("99309251619580", 0)

    result = []
    for part_index in range(start, stop + 1):
        payload = SMSFuzzData.getSMSFuzzData() if data is None else data[:datalen]
        if datalen < 0:
            payload = payload[:random.randrange(0, -datalen)]
        pdu = concat("49177123456", "49177123456", timestamp, stop,
                     part_index, message_id, payload, dcs)
        hex_line = Utils.bin2hex(pdu, 1)
        entry = (hex_line, (len(hex_line) / 2) - 8)
        result.extend((entry, entry))
    return result
def random_index_multipart(count=10, dummy=0, dcs=0x00, mid=-1, data=None, datalen=134):
    """Return ``count`` multipart PDUs, each carrying a random part index.

    ``count`` is passed to ``concat()`` as the part total while the index of
    every part is drawn from ``[0, 256)``, so the sequence numbers are
    unrelated to the total and to each other.

    dummy   -- accepted but never read.
    dcs     -- value handed to ``concat()``; ``-1`` asks ``randdcs()`` for a
               new one per part.
    mid     -- value shared by all parts; ``-1`` draws one from ``[0, 0xff)``.
    data    -- payload source; ``None`` fetches a new blob from
               ``SMSFuzzData.getSMSFuzzData()`` for every part.
    datalen -- slice bound applied to ``data``; when negative the payload is
               cut again at a random point below ``-datalen``.

    Returns a list of ``(hex_line, leng)`` tuples.
    """
    # NOTE(review): the listing had lost its indentation; the ``datalen < 0``
    # check is placed at loop level -- confirm against the original file.
    generator = random.WichmannHill()
    reference = mid
    if reference == -1:
        reference = generator.randrange(0, 0xff)
    stamp = Utils.hex2bin("99309251619580", 0)

    collected = []
    remaining = count
    while remaining > 0:
        remaining -= 1
        coding = randdcs() if dcs == -1 else dcs
        if data is None:
            body = SMSFuzzData.getSMSFuzzData()
        else:
            body = data[:datalen]
        if datalen < 0:
            limit = generator.randrange(0, -datalen)
            body = body[:limit]
        random_index = generator.randrange(0, 256)
        encoded = Utils.bin2hex(
            concat("49177123456", "49177123456", stamp, count,
                   random_index, reference, body, coding),
            1,
        )
        collected.append((encoded, (len(encoded) / 2) - 8))
    return collected
def double_index_multipart_length(first=10, second=134, dcs=0x00, mid=-1, data=None, datalen=134):
    """Build two PDUs with the same part index (1 of 2) and different lengths.

    The payload is truncated to ``first`` characters for the first PDU and to
    ``second`` characters for the second; both go through ``concat()`` with
    otherwise identical arguments.

    dcs     -- value handed to ``concat()`` unchanged.
    mid     -- value shared by both parts; ``-1`` draws one from ``[0, 0xff)``.
    data    -- payload source; ``None`` fetches one blob from
               ``SMSFuzzData.getSMSFuzzData()`` that both parts share.
    datalen -- accepted but never read.

    Returns a two-element list of ``(hex_line, leng)`` tuples.
    """
    reference = mid
    if reference == -1:
        reference = random.randrange(0, 0xff)
    stamp = Utils.hex2bin("99309251619580", 0)
    source = data
    if source is None:
        source = SMSFuzzData.getSMSFuzzData()

    pairs = []
    for cut in (first, second):
        encoded = Utils.bin2hex(
            concat("49177123456", "49177123456", stamp, 2, 1,
                   reference, source[:cut], dcs),
            1,
        )
        pairs.append((encoded, (len(encoded) / 2) - 8))
    return pairs
(s._udh_leng, s._udh) = u.getUdh() s.encode() return s._pdu # if __name__ == "__main__": print "change number of tests and dest IP in code!" c = 1 for i in range(0,1000): s = 9201 d = 2948 # app id = 6 -> wap push appid = i % 255 ts = Utils.hex2bin("99309251619580",0) data = SMSFuzzData.getSMSFuzzData() data = chr( i % 255) + chr(appid) + data print "transaction id: %x app id: %x\n" % ( i % 255 , appid) print "datalen: " + str(len(data)) print "d: %x\n" % ord(data[0]) msg = toPort("49177123456", "49177123456", 0x04, 0x00, 0x04, ts, s, d, data[:130], 0) line = Utils.bin2hex(msg, 1) leng = (len(line) / 2) - 8 buffer = "+CMT: ,%d\r\n%s\r\n" % (leng, line) #buffer = "\n+CMT: ,%d\n%s\n" % (leng, line) print buffer print "c= %d src: %d dst: %d\n" % (c,s,d) so = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: so.connect(("192.168.1.25", 4223))
u = sms.SMSUdhPorts(src, dst) else: u = sms.SMSUdh8bitPorts(src, dst) (s._udh_leng, s._udh) = u.getUdh() s.encode() return s._pdu if __name__ == "__main__": print "change port range and dest IP in code!" c = 1 for i in range(0,1000): s = 0 d = 2948 ts = Utils.hex2bin("99309251619580",0) data = SMSFuzzData.getSMSFuzzData() print "datalen: " + str(len(data)) msg = toPort("49177123456", "49177123456", 0x04, 0x00, 0x04, ts, s, d, data[:130], 0) line = Utils.bin2hex(msg, 1) leng = (len(line) / 2) - 8 buffer = "+CMT: ,%d\r\n%s\r\n" % (leng, line) #buffer = "\n+CMT: ,%d\n%s\n" % (leng, line) print buffer print "c= %d src: %d dst: %d\n" % (c,s,d) so = socket.socket(socket.AF_INET, socket.SOCK_STREAM) so.connect(("10.117.55.119", 4223)) so.send(buffer) so.close() time.sleep(2)